I had a chance to speak with Bruce Swope, the VP of Engineering at SterlingTech, an ISO13485 Registered full-service medical device software organization offering software development and validation services. SterlingTech has developed software for an array of medical products including implantable devices as well as external support and monitoring equipment. Their team has worked on Class I, II, and III devices that resulted in successful FDA 510(k)s, PMAs, and CE submissions.
Bruce has extensive experience in medical device software development and he is an expert in leading Class III medical software products to commercial release. His depth of experience also spans the development of enterprise solutions, security applications, internal applications, and process control systems. He has been an early adopter of quality practices including ISO 9000 processes, Common Criteria Certification and Capability Maturity Model implementation.
I wanted to talk to him more about the challenges developing software in an FDA-regulated context and what all this means to medical device software development teams.
[Brendan] Given your experience working with a variety of medical device companies, what do you see as the biggest business challenge they face?
[Bruce] The biggest challenge is developing a medical product in a cost effective manner that meets FDA and international regulatory regulations. Most companies have very limited resources available and have boards or investors that are not used to the rigors of regulated development. This often leads to a gap between investor expectations and the reality of getting the product ready for market.
[Brendan] What about technology challenges?
[Bruce] The hardware platforms that the systems are developed for are very expensive in time and money to update once fielded. Often, the hardware is impossible to update without dramatic impact to the patient such as surgery. This creates a need for software developers to find creative ways to extend the life of the hardware by introducing new functionality without updating the hardware. This can often cause the software to become much more complex than planned.
Further, device manufacturers must balance the expectations of customers against the rigor and security required with making a medical product. Consumers are very accustomed to seeing feature rich devices reach the palm of their hand and wonder why their heart pump can’t double as a PDA or MP3 player or why they can’t plug their device into the internet to download new alarm tones.
[Brendan] What’s the most common problem your firm is hired to solve?
[Bruce] Many of our customers are looking for an organization that has experience in working with a given technology to create a product that will be approved by the FDA and international regulatory authorities. They are looking for someone that has the experience to deliver a quality product and a complete design history file without wasted effort or significant delays.
[Brendan] In your experience, do most medical device companies have a clear understanding of the regulatory environment or is there still confusion in the market?
[Bruce] Many of our customers are early stage companies that are looking for us to provide the knowledge of the regulatory environment. Other clients may have an understanding of some aspects of the regulatory environment such as mechanical or electrical but need assistance with the software aspects.
Unless companies invest in dedicated regulatory resources early on and get the FDA or notified body involved sooner rather than later, there will always be confusion and opportunity to misdirect effort.
[Brendan] Any common misconceptions related to compliance issues you can share?
[Bruce] Companies have come to us with a misunderstanding of the impact “level of the concern” will have on the development process for their proposed device. Companies will often put in place a Quality System that is overly burdensome on the software development process.
The result of these mistakes is often that either too much or too little is done to develop the software. Either outcome is damaging. In the case where too much is done, extra cost is incurred and the project completion and entry to the market is delayed. In the case where too little is done, a rejected submission could result leading to further cost and delays.
[Brendan] What’s the #1 recommendation you give to clients as it relates to the intersection of compliance issues and software development?
[Bruce] Make sure that your company has a good solid Quality System as it applies to software development. Do not put a Quality System into place that you can not follow. This is the cause of most audit problems. Use automated tools in your process to allow your developers to focus on the creative parts of the software development. Keep things as simple as possible. Drive out risk early.
[Brendan] Where can people go to get more information? Any good online resources out there?
[Bruce] For an executive overview for determining whether a new device is a medical device or for ideas on how to use a static code analysis tool in medical device development, we have a library of whitepapers people can download.